Hi all, I'm a solo iOS developer trying to update an app I released in 2010. My current Team ID is Q37598Q8GE, but the app's original App ID uses an old prefix, YHX995W43P. When I try to create a new App ID with the original Bundle ID (eu.andela.woordenes) to generate a new distribution provisioning profile, I get the error:An attribute in the provided entity has invalid value An App ID with Identifier 'eu.andela.woordenes' is not available. Please enter a different string. I understand this might be due to the old prefix from pre-2011, when Apple allowed multiple prefixes per account. I still have access to the app in App Store Connect and want to push an update, not create a new app. How can I resolve this?Can I reuse the existing App ID (eu.andela.woordenes with prefix YHX995W43P) for a new provisioning profile, or do I need to match my current Team ID (Q37598Q8GE)? If the Bundle ID is already taken by my current app, how do I update the app without changing the Bundle ID? Any steps to fix the prefix mismatch in Xcode or App Store Connect?

Hello, I am trying to publish a simple app to the App Store for the first time, and I am getting these 2 errors. Please note the knowledge base URLs shown in the screenshot are not clickable. I think this should be addressed. Any guidance on how to correct these issues will be greatly appreciated. Sincerely, Anis

My iOS version of the app is available on the App Store with a non-team ID prefix for its bundle ID. It has been available there for a long time and I am not sure why I chose a custom prefix for it. The Mac version of the same app is available on the Mac App Store with a different bundle ID and with a prefix that matches my team ID. I am currently looking to "merge" both apps into a single bundle ID. The plan is to stop using the current Mac app and release a new one as a universal app under the existing bundle ID for the iOS app. Unfortunately, it looks like that the Mac App Store does not actually allow any submissions that have a non-team ID for a prefix. I know that it is a very specific case but any suggestions would be welcomed.

Hi, after 2 years of not updating my app on appstore i wanted to submit an update for my iOS app which also containts a watch app target. When i try to submit it to upload it i get the following errors: Failed registering bundle identifier The app identifier "(myappBundleID).watchkitapp" cannot be registered to your development team because it is nit available. Change your bundle identifier to a unique string to try again. No Profiles for "(myappBundleID).watchkitapp" were found. Xcode culdn't find any iOS App Store provisining profiles matching "(myappBundleID).watchkitapp" Since i have my app already in store with that bundle identifier i don't know why it can not be registered to my team. Also i don't want to change the bundle identifier because then i can not publish it as update to store.

Coming from Windows, I'm finding Mac app packaging farcically complicated, to the level of a Python sketch. I mastered Windows packaging, via Inno, in an hour or so, but it has taken me, on and off, the best part of a week to get to the point I am at with the Mac OS, and I'm nowhere near finished (rather, it hasn't finished with me). Every time I surmount one hurdle, another pops up, seemingly just for the jollies. I'm currently stuck at: 'Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.' My account lists no agreements in this category. I understand the need for security, but not the labyrinthine nature of the process. An inner-party member in the former Soviet Union overheard a drunken Stalin say, “I trust no one; not even myself". Apple trusts no one, but has true contempt for developers. Is there a simple way to work through the packaging process? Let me rephrase that: please God, let there be a simpler way of working through the process! Regards, in extremis, Richard

Hello Apple Support, While attempting to staple a notarization ticket for our signed installer package, the stapler command fails with Error 65. Upon investigation, we found that connections to oscdn.apple.com present an SSL certificate issued to a248.e.akamai.net, which does not include oscdn.apple.com in its Subject Alternative Name (SAN). This mismatch prevents our macOS environment from validating tickets and completing the stapling process. Steps tried: Verified notarization status (Accepted). DNS flushed, tried different DNS (8.8.8.8, 1.1.1.1). curl to oscdn.apple.com consistently fails with SSL error 60. Please advise on resolving this certificate mismatch. also when I try to run the stapler command with my pkg "xcrun stapler staple/Users/mactest/Desktop/IPMPlus_Macos_Installer.signed.pkg" getting the output like :- Processing: /Users/mactest/Desktop/IPMPlus_Macos_Installer.signed.pkg Could not validate ticket for /Users/mac-test/Desktop/IPMPlus_Macos_Installer.signed.pkg The staple and validate action failed! Error 65. please help Thank you.

I’m unable to notarize the executable and the .app — the status has been showing “In Progress” for over an hour. Upon checking the xcrun logs, it indicates that the submission ID was not received. I also noticed there’s an Apple Developer Service outage reported since October 8, 2025. Could you please let me know when this outage is expected to be resolved? It would be very helpful.

Hi everyone, For the past three days I've been unable to notarize my app — every attempt fails with an HTTP 500 error from Apple's notarization service. What's unusual is that the error occurs not only during submission, but also when simply validating credentials via store-credentials. Example: $ xcrun notarytool store-credentials "notarytool-password" \ --apple-id <id> --team-id <team> --password <app-specific-password> Validating your credentials... Error: HTTP status code: 500. Internal Server Error Request ID: K6NYCMIFNM66OI2WRG3ORZEDUE.0.0 Please try again at a later time. Since the failure happens at credential validation — before any package is even uploaded — I'm fairly confident this is a server-side issue, not something wrong with my setup or the binary. I've tried across different network connections, same result. Has anyone else been hitting this? Is there a known outage or incident on Apple's notarization infrastructure? Any way to escalate or get a status update beyond checking developer.apple.com/system-status/? Thanks

During the release of our macOS App, we encountered the following issue: We need to support dynamic code loading of WebAssembly (wasm) inside our App, mainly by loading WebAssembly (wasm) binary modules. We discovered a problem: a wasm file is neither an executable nor a bundle, so it cannot be code-signed. Since our App needs to pass notarization, we have not set the com.apple.security.cs.allow-unsigned-executable-memory entitlement. Without setting com.apple.security.cs.allow-unsigned-executable-memory, loading a wasm module results in an “unsigned code” error that causes the process to crash. Could you please advise on what we should do to avoid this problem? Is it possible to apply for a special entitlement to allow com.apple.security.cs.allow-unsigned-executable-memory?

The device UDID was registered to the developer account 40 hours ago, the STATUS column was "processing" in the first 24 hours, then turned to empty. But I still can't run my app (with distribution method "development"), when I try to run it after download it through my OTA URL, it prompts “the app cannot be installed because its integrity could not be verified” but everything runs good on a iPhone which was registered a month ago. What should I do now? keep waiting?

I am receiving an entitlement error from stripe terminal SDK when integrating Tap to Pay from apple in the info.plist. Im hoping that someone can give me their input on my error output rather than diving into the stripe sdk to point me in the right direction of something I may have missed with entitlements. I have been approved for tap to pay entitlement and am following the instructions here from apple: https://developer.apple.com/documentation/proximityreader/setting-up-the-entitlement-for-tap-to-pay-on-iphone com.apple.developer.proximity-reader.tap-to-pay

In the past it was relatively easy to download from the developer portal both the app signing and installer signing certs so that I could sign AppleScripts from Script Editor when exporting them and when building packages in Jamf Composer. I went to set that up today and it seems things have changed in the last few years since I've had to set this up. I've been unable to sort this out and would love some help. I'm looking for a tutorial on doing this that walks someone step-by-step through the process for obtaining the certs (yes, I have dev account) and setting them up in keychain and then making use of them. Thanks!

We have a Mac that is used to sign and notarize our installers. This Mac will be going away soon, so I have to setup a new Mac to do that work. I've been able to install all the tools, but I can't get them to work. The certificates are in the keychain, but don't show up in the "My Certificates", probably because the related keys don't exist in the "Keys" list. I'm using the same Apple Dev ID that I used on the other machine. HOW do I get things setup on the new machine to work? There must be some way to get key/certificate pairs to work. (I am very definitely NOT a Mac expert, barely even a novice.)

This is a Math+CS Educational app written in Java. I have been able to distribute the Intel-Mac version downloaded as a .dmg (code-signed, notarized and stapled). I also need to support Apple silicon hw. I re-created the entire sw manufacturing structure on my M2 Macbook. I'm using the exact same command scripts that work on the older hardware. I am expecting the jpackage script to run the same way on the M2....but no. The first sign of trouble is I'm not getting an authentication password dialog , which I believe is thrown up by the MacOS when codesign asks to access my Keychain certificates. My keychain is setup the default way. Here is the error msg: [07:38:08.719] Running /usr/bin/codesign [07:38:08.749] java.io.IOException: Command [/usr/bin/codesign, -s, Developer ID Application: Pierre Bierre (SL7L4YU8GT), -vvvv, --timestamp, --options, runtime, --prefix, ST_DFG2D_ARM, /var/folders/v7/06pp2_5d6gz9593k96n2z0v40000gn/T/jdk.jpackage11705714069544945060/images/image-2753484488940359178/DataflowGeom2D.app/Contents/runtime/Contents/Home/lib/libnet.dylib] exited with 1 code at jdk.jpackage/jdk.jpackage.internal.Executor.executeExpectSuccess(Executor.java:90) at jdk.jpackage/jdk.jpackage.internal.IOUtils.exec(IOUtils.java:215) If I build the .dmg installer WITHOUT code-signing it, it produces a good .dmg, but I can't distribute it to my students with M2-M3-M4 rigs. The error feedback from "codesign" is nonspecific and inactionable. As a developer, I need specific, actionable error messages. I expect that from the wealthiest computer company in the world. Need the info.

I'm posting this here after reading Quinn's post here: https://developer.apple.com/forums/thread/799000 The above entitlement is mentioned in IOUSBHostControllerInterface.h. It isn't an entitlement one can add using the + button on the Capabilities panel in Xcode. If I try to add it by hand, Xcode complains that it isn't in my profile. Is this a managed entitlement? We'd like to create a local USB "device" to represent a real device reachable over a network.

I have tried again and again to generate and install the .mobileprovision on my device for testing apps following the exact instructions. I cannot get this to work. When I tap the .mobileprovision on the device I get the error "Profile Error - This profile cannot be installed." In Xcode in the console as I try to install the profile, this is what it shows: `profiled (ManagedConfiguration) Desc : Invalid Profile US Desc: Invalid Profile Domain : MCProfileErrorDomain Code : 1000 Type : MCFatalError and then profiled Desc : Invalid Profile Sugg : Invalid Profile US Desc: Invalid Profile US Sugg: Invalid Profile Domain : MCInstallationErrorDomain Code : 4000 Type : MCFatalError ...Underlying error: NSError: Desc : Invalid Profile US Desc: Invalid Profile Domain : MCProfileErrorDomain Code : 1000 Type : MCFatalError I have been at this for days and cannot get it to work. Any help would be appreciated

Hello Engineers My app was rejected with the message below, BUT I don't have this entitlements in my project! I already removed all Xcode files under ${HOME}/Developer/Xcode, but the problem still alive! Guideline 2.4.5(i) - Performance In order to continue reviewing your app, we require additional information. Your app uses one or more entitlements which do not appear to have matching functionality within the app. Please reply to this message in App Store Connect and describe how and where the app uses the following entitlements. You will not need to upload a new binary to provide this information. Apps should have only the minimum set of entitlements necessary for the app to function properly. If there are entitlements that are not needed, please remove them and submit an updated binary. You will need to Developer Reject the app to upload an updated version. "com.apple.security.assets.pictures.read-write" "com.apple.security.assets.movies.read-write" "com.apple.security.assets.music.read-write" "com.apple.security.files.downloads.read-write" Here my entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>group.org.eof.apps</string> </array> <key>com.apple.security.files.user-selected.read-write</key> <true/> </dict> </plist> code-block Who or where are these entitlements inserted? Which button should be clicked to deactivate them? Link to my project: DRFXBuilder Regards

Hello Everyone, I am currently building an app using React Native with Swift bridging, integrating VoIP functionality using Twilio, PushKit, and CallKit. I am encountering the following issue during development: "The current provisioning profile doesn't include the com.apple.developer.voip-push-notification entitlement." What I’ve Done So Far: VoIP Certificate: I have created a valid VoIP Services certificate in the Apple Developer portal. Bundle Identifier and Provisioning Profile: A new Bundle ID was created specifically for this app. I created a provisioning profile for this Bundle ID and downloaded it for use in Xcode. Xcode Capabilities Push Notifications: Enabled Background Modes: Voice over IP: Enabled, Remote notifications: Enabled Entitlements File I have an entitlements file named VoiceCallDemoProjectRelease.entitlements with the following content: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>aps-environment</key> <string>development</string> <key>com.apple.developer.voip-push-notification</key> <true/> </dict> </plist> This entitlements file is properly linked in the project’s build settings. Project Setup I have integrated PushKit for VoIP push handling and CallKit for incoming call UI and control. Problem: In the Apple Developer portal under my App ID settings, I only see an option to enable Push Notifications. There is no option available to enable Voice over IP, and therefore the provisioning profile generated does not include the com.apple.developer.voip-push-notification entitlement. Despite enabling VoIP background mode in Xcode, adding the entitlement in my project, and using a valid VoIP certificate, the profile does not include the required entitlement. Additional Information: I am using an Individual Apple Developer Account, not an Organization account. I have already attempted re-downloading the provisioning profile, restarting Xcode, and cleaning the build folder. Question: What steps should I take to resolve this and ensure that the com.apple.developer.voip-push-notification entitlement is included in my provisioning profile? Is this limitation due to the type of developer account (individual vs. organization), and do I need to upgrade to an Organization account to access this entitlement? Is there any way to request for 'com.appple.developer.voip-push-notification' entitlement to Apple Team ? Any clarification would be appreciated. Thank you.

This is my .entitlements file: Code signing: codesign --sign -vvv --timestamp --options=runtime --force --entitlements ./UES.entitlements -s "Developer ID Application: XXX. (XXXXXXX)" ./UES.app I work fine in the macOS 13.x system, but the "killed" error occurs in macOS11.x. The system log is displayed as follows: (If codesign remove the --entitlements ./UES.entitlements, it will operate normally) 2025-04-21 13:58:27.039638+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:27.039762+0800 0xd5bbf Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:27.039815+0800 0xd5bbf Default 0x0 0 0 kernel: proc 29354: load code signature error 4 for file "UES" 2025-04-21 13:58:27.040720+0800 0xd5bc0 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29354, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:27.045974+0800 0xd58be Error 0x0 66405 0 CoreServicesUIAgent: [com.apple.launchservices:uiagent] handle LS launch error: {\n Action = oapp;\n AppMimimumSystemVersion = "10.13";\n AppPath = "/Applications/UES.app";\n ErrorCode = "-10826";\n} 2025-04-21 13:58:39.121619+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:39.121832+0800 0xd5e0f Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:39.121861+0800 0xd5e0f Default 0x0 0 0 kernel: proc 29415: load code signature error 4 for file "UES" 2025-04-21 13:58:39.122571+0800 0xd5e10 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29415, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:46.297915+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:46.298031+0800 0xd5f85 Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:46.298072+0800 0xd5f85 Default 0x0 0 0 kernel: proc 29485: load code signature error 4 for file "UES" 2025-04-21 13:58:46.300248+0800 0xd5f86 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29485, /Applications/UES.app/Contents/MacOS/UES What causes the pattern to be narrow?

Hello Apple Developer Support, We are experiencing an issue when programmatically installing a trusted root certificate on EC2 macOS instances (ARM-based), running the latest version of macOS 14.7.5 (Build 23H527). We are using the following command as part of our automated setup process: sudo security authorizationdb write com.apple.trust-settings.admin allow sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$CERT_NAME" sudo security authorizationdb remove com.apple.trust-settings.admin This fails with the following message: SecTrustSettingsSetTrustSettings: The authorization was denied since no user interaction was possible In the past, as sugested in other posts (https://developer.apple.com/forums/thread/671582) we were able to bypass this issue by running: sudo security authorizationdb write com.apple.trust-settings.admin allow This worked successfully in prior versions, including earlier 14.x releases, and continues to work on Intel-based macOS instances. However, in macOS 14.7.5 (on ARM), this approach no longer works. We suspect this may be due to a change in how System Integrity Protection (SIP) is enforced, especially on EC2 ARM. Questions: Has Apple introduced any changes in macOS 14.7.5 that prevent modifying trust settings via security CLI on headless or non-interactive sessions? Is there an approved or documented way to install system-level trusted certificates programmatically on macOS 14.7.5 (ARM)? Are there alternatives for setting trustRoot certs in non-GUI environments, such as virtualized or cloud-hosted macOS instances? As further information we were thinking to use MDM Profiles but looks like it is also blocked Thanks